Some time ago I came across a concept by Marc Bevand advocating email as a Decentralized API to Personal Information. In this post he outlines the idea that – email being such a pervasive tool to the extent that nearly everyone uses it – a personal, distributed and decentralized API layer could be built on top of it.
The basic idea is this: Email could be used as a protocol for transactions and automatically exchanging information. Take these use cases for example:
- Automatically setting up email encryption with public key encryption tools such as GPG. Exchanging public keys today still is a largely manual, cumbersome and error-prone process. This is the most important reason for the still poor adoption rate for encryption tools.
- If I send an email to firstname.lastname@example.org I automatically get a reply with John Doe’s business card as a vCard file containing just the contact data John would like to be publically available.
- If I send the same email from an email address that ends in @company.com I receive more complete contact information for use by John’s colleagues.
- A request to email@example.com could return John’s public CV. Just like the business card data this information could be filtered according to the sender’s address, email headers or basically any other rule that’s already possible with today’s email clients’ filtering features.
- Social network interactions. Being used by almost everyone on the Internet email is by far the largest social network eclipsing even Facebook, plus it’s decentralized meaning there’s no central entity that sells your data, decides which content is good for you or shares your private messages with the government (given you take care of proper encryption, see #1)
- Transactional email. All that tedious to and fro with registering for a new service, verifying your email address, sending password reset emails, subscribing to newsletter could to a large extent be automated by rule-driven processes. Combined with services such as 1Password Watchtower it’d even be possible to swiftly and automatically act on security issues.
The possibilities are almost limitless though there are some limitations imposed by the common protocols used for email: Currently, with POP3, IMAP and SMTP alone it’s not possible to verify the sender of an email. Email address spoofing is rampant in the spam ‘industry’. Not being able to verify the sender of an email effectively prohibits use cases involving potentially sensitive data such as #3 and #4
Public key encryption could be used for circumventing these shortcomings but admittedly und very much unfortunately we’re not there yet in terms of both adoption and integration with existing email clients.
Anyway, the concept of using email as a decentralized API for personal data is very intriguing, both from a UX perspective but even more so because decentralization of data and distributed computing in my opinion simply is the right approach for the future.
The author has set up some demo rules and canned responses. You can try it out by sending an email with one of the following subjects to firstname.lastname@example.org:
- autoresponder:online_identity returns information typically needed by a web forum: avatar image, language, etc
- autoresponder:fullname returns a full name
- autoresponder:phone returns a phone number